Privilege Escalation Vulnerability in OpenStack Identity by OpenStack
CVE-2014-3476

Currently unrated

Key Information:

Vendor: Openstack
Status: Keystone
Vendor: CVE Published:; 17 June 2014

Summary

OpenStack Identity (Keystone) prior to specific versions is vulnerable to a privilege escalation flaw due to improper handling of chained delegation. This issue allows remote authenticated users to exploit trust or OAuth tokens with impersonation capabilities, enabling them to create new tokens with elevated roles. Such vulnerabilities can lead to unauthorized access and potential misuse of the OpenStack environment, compromising its integrity and security.

References

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/59547

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/68026

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 17, 2014
Vulnerability Reserved
May 14, 2014